Debian Project News - October 8th, 2008

Welcome to this year's 12th issue of DPN, the newsletter for the Debian
community.
Some of the topics covered in this issue include:

Bits from the DPL

What you can do for Lenny

500,000th bug reported

... and much more.

Bits from the DPL

Steve McIntyre sent out another Bits
from the DPL mail. His first topic was the recently
finished eighth Debian Conference in Argentina. Even though many developers
and contributors could not travel there he considered it to be a successful
conference. He especially thanked the video team, who did an amazing job this
year making most of the sessions available via stream as well as forwarding
questions via Internet Relay Chat. Steve is already looking forward to
next year's Debian Conference, which will take place in the region of Extremadura
in Spain.

He then summarized the results of this year's Google Summer of Code, a project in which
students work on specific free software projects and get paid by Google.
Debian got thirteen project slots. Eleven of these projects were completed
successfully (sadly, the rest had to drop out due to unforeseen problems).

Steve closed with a short summary about the upcoming stable release
Lenny. Preparations for a release candidate of the debian-installer are
on their way and the release notes are taking shape. But there are still a lot
of release critical bugs left to be fixed.

What you can do for Lenny

Unfortunately, Debian GNU/Linux 5.0 Lenny hasn't been released yet.
Alexander Reichle-Schmehl briefly explained
the problems and listed some open issues which need to be resolved
before Lenny can be released. He points out that even a simple user
(meaning everyone) can help.

While most release blockers and release goals have been dealt with —
including transitions to newer compilers, libraries and other tools — the
development has reached its final phase, where the last release critical bugs
need to be fixed, upgrade tests need to be performed and the release notes need to be written.
Alexander gave a brief overview on how to perform upgrade tests, which he later
updated in his
blog, and also showed other ways to help such as writing and translating the release
notes.

500,000th bug reported

Christian Perrier
noted
that the 500,000th bug has been
reported to Debian's bug tracking system. In it, Nobuhiro Iwamatsu (岩松 信洋) requested a feature
for the common debian build system, a tool used to create Debian packages, and
even provided a patch.

Lucas Nussbaum
graciously provided some statistics.
From these 500,000 bugs, nearly 410,000 have already been solved.

Christian also noted that the vitality of the Debian Bug Tracking system is an
indicator of the vitality of development in Debian (the current bug report rate is
about 60,000 bugs per year for a total of 24,000 packages in the distribution,
only 2.5 bugs per year, per package).

Thus, Debian developers are proud that they have had 500,000 occasions to
interact with their users. Of course, they are also proud that 410,000 of
these bugs are already closed and only 250 of the remaining
bugs are release critical for the upcoming Debian Lenny release.

Valid-Until field in Release files

While the current archive structure prevents injection of malicious packages
through a digital trust path (e.g. at a bad mirror), it still has a small
flaw. A potential attacker could use outdated release information to force
people to use an outdated mirror, leaving out the latest security updates. To
address this problem, Jörg Jaspert has added
a Valid-Until field to the release information. APT (or another
package manager) can then check if the data available on the mirror is up to
date. Work has already begun to integrate this feature into the apt package
manager and tools based upon it; however,
some questions remain unresolved.
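
The freshness check described above, sketched as an added example (this is not APT's code and not part of the original newsletter). The sample Release header, the function names and the status strings are constructed for illustration, and the date format is assumed to match the Release file's Date field; the comparison against the last Date the client saw goes one step beyond what the text describes.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Release header (not a real archive file).
SAMPLE_RELEASE = """\
Origin: Debian
Suite: lenny
Date: Sat, 04 Oct 2008 08:00:00 UTC
Valid-Until: Sat, 11 Oct 2008 08:00:00 UTC
MD5Sum:
 0123456789abcdef0123456789abcdef 1234 main/binary-i386/Packages
"""

def parse_header(text):
    """Return the single-line 'Key: value' fields; checksum lines are skipped."""
    fields = {}
    for line in text.splitlines():
        if not line or line[0] in " \t":   # continuation line of a checksum list
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def _utc(value):
    """Parse an RFC 2822 style timestamp; treat a missing zone as UTC."""
    dt = parsedate_to_datetime(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def check_freshness(release_text, now, last_seen_date=None):
    """Classify a Release file whose signature has ALREADY been verified.

    The fields are only trustworthy inside the signed file; an unsigned
    Valid-Until could simply be rewritten by the mirror.
    """
    fields = parse_header(release_text)
    if "Date" not in fields:
        return "malformed"
    if last_seen_date is not None and _utc(fields["Date"]) < last_seen_date:
        return "rollback"      # older than metadata this client already accepted
    if "Valid-Until" not in fields:
        return "no-expiry"     # a stale mirror cannot be detected from this file
    if now > _utc(fields["Valid-Until"]):
        return "expired"       # mirror is serving outdated release information
    return "fresh"
```

A client would refuse to update from a mirror on "expired" or "rollback", since in both cases security updates published later would be silently withheld.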

Choosing a language during NAS installations

Martin Michlmayr reported that
due to changes of the internal structure of the debian-installer,
it is now possible to choose the language (and the resulting
system) for installations on NAS machines. Installations on headless NAS devices
are typically done remotely via SSH and up until now, the network had been started
after the language had already been chosen, thus the ability to choose a language
interactively was completely disabled for such devices. Due to changes in the
component responsible for choosing the locale, this feature can now be enabled
for these kinds of devices.

m68k moved to debian-ports

After missing release criteria for both Etch and Lenny, the m68k port made the
switch from using the wanna-build instance on Debian infrastructure to the one
on Debian-Ports. This is a necessary
step before m68k can be removed from the Debian archive. Buildd.Net still supports
the m68k architecture and has already adopted the change. The m68k port was
one of two official ports in the first Debian release, Debian 2.0 (the other
being i386).

Other news

Christian Perrier released
the final number of languages which will be supported in the debian-installer
of the upcoming release. All-in-all 63 languages will be supported, which is 5
more than in the current release.

A long-term goal, the move from documentation in /usr/doc to /usr/share/doc as recommended in
the Filesystem Hierarchy Standard, has finally been completed.

Christian Perrier also noted
that the team working on apt, the core package manager of Debian and Debian-based
distributions, is lacking manpower and in need of help.

Linux Kongress 2008

From Thursday the 9th of October to Friday the 10th of October, the Debian
Project will participate with a booth at the Linux-Kongress 2008 in Hamburg,
Germany. Please see the respective
events page for
further details.

Technical Dutch Open Source Event 2008

From Saturday the 25th of October to Sunday the 26th of October, the Debian
Project will participate with a booth at the Technical Dutch Open Source Event
(T-DOSE) in Eindhoven, Netherlands. Please see the respective
events page for
further details.

Please note that these are a selection of the more important security
advisories of the last two weeks. If you need to be kept up to date about
security advisories released by the Debian Security Team, please subscribe to
the security
mailing list for announcements.

New and noteworthy packages

The following packages were added to the unstable Debian archive recently (among others):

ddclient
(a utility to get access to home servers despite having a dynamic IP),
FlameRobin
(a GUI to administer Firebird/Interbase SQL servers) and
logstalgia
(a pong-like Apache log viewer) were presented by Debian Package of the Day.

Please help us create this newsletter. We still need more volunteer writers
to watch the Debian community and report about what is going on. Please see the
contributing
page to find out how to help. We're looking forward to receiving your mail
at debian-publicity@lists.debian.org.